Audit report and formal spec (#39)

weijiekoh · web-flow · commit 36d634c47e84 · 2020-03-22T14:20:14.000+02:00
* fixed wrong link to semaphore-base.circom in docs * added audit report and spec Former-commit-id: 7a28c61
diff --git a/audit/Audit Report Summary for Semaphore and MicroMix.pdf b/audit/Audit Report Summary for Semaphore and MicroMix.pdf
diff --git a/docs/about.html b/docs/about.html
@@ -163,6 +163,9 @@ <h1><a class="header" href="#about" id="about">About</a></h1>
 verification on-chain. The zero-knowledge components work off-chain to allow
 the user to generate proofs, which allow the smart contract to update its state
 if these proofs are valid.</p>
+<p>For a formal description of Semaphore and its underlying cryptographic
+mechanisms, also see this document
+<a href="https://github.com/appliedzkp/semaphore/tree/master/spec">here</a>.</p>
 <p>Semaphore is designed for smart contract and dApp developers, not end users.
 Developers should abstract its features away in order to provide user-friendly
 privacy.</p>
diff --git a/docs/audit.html b/docs/audit.html
@@ -155,8 +155,10 @@ <h1><a class="header" href="#security-audit" id="security-audit">Security audit<
 as well as relevant circuits in
 <a href="https://github.com/iden3/circomlib">circomlib</a>, which contains components
 which the Semaphore zk-SNARK uses.</p>
-<p>All security and performance issues have been fixed. The full audit report will
-be available soon.</p>
+<p>The summary of the audit results can be found
+<a href="https://github.com/appliedzkp/semaphore/tree/master/audit">here</a>. After three
+rounds of fixes, all security and performance issues were fixed, and the few
+remaining issues are minor and do not affect security.</p>
 
                     </main>
 
diff --git a/docs/howitworks.html b/docs/howitworks.html
@@ -192,8 +192,9 @@ <h2><a class="header" href="#broadcasting-signals" id="broadcasting-signals">Bro
 <p>To zk-SNARK proof must satisfy the constraints created by Semaphore's zk-SNARK
 circuit as described below:</p>
 <h3><a class="header" href="#the-zk-snark-circuit" id="the-zk-snark-circuit">The zk-SNARK circuit</a></h3>
-<p>The <a href="./circuits/circom/semaphore-base.circom">semaphore-base.circom</a> circuit
-helps to prove the following:</p>
+<p>The
+<a href="https://github.com/appliedzkp/semaphore/blob/master/circuits/circom/semaphore-base.circom">semaphore-base.circom</a>
+circuit helps to prove the following:</p>
 <h3><a class="header" href="#that-the-identity-commitment-exists-in-the-merkle-tree" id="that-the-identity-commitment-exists-in-the-merkle-tree">That the identity commitment exists in the Merkle tree</a></h3>
 <p><strong>Private inputs:</strong></p>
 <ul>
diff --git a/docs/index.html b/docs/index.html
@@ -163,6 +163,9 @@ <h1><a class="header" href="#about" id="about">About</a></h1>
 verification on-chain. The zero-knowledge components work off-chain to allow
 the user to generate proofs, which allow the smart contract to update its state
 if these proofs are valid.</p>
+<p>For a formal description of Semaphore and its underlying cryptographic
+mechanisms, also see this document
+<a href="https://github.com/appliedzkp/semaphore/tree/master/spec">here</a>.</p>
 <p>Semaphore is designed for smart contract and dApp developers, not end users.
 Developers should abstract its features away in order to provide user-friendly
 privacy.</p>
diff --git a/docs/print.html b/docs/print.html
@@ -165,6 +165,9 @@ <h1><a class="header" href="#about" id="about">About</a></h1>
 verification on-chain. The zero-knowledge components work off-chain to allow
 the user to generate proofs, which allow the smart contract to update its state
 if these proofs are valid.</p>
+<p>For a formal description of Semaphore and its underlying cryptographic
+mechanisms, also see this document
+<a href="https://github.com/appliedzkp/semaphore/tree/master/spec">here</a>.</p>
 <p>Semaphore is designed for smart contract and dApp developers, not end users.
 Developers should abstract its features away in order to provide user-friendly
 privacy.</p>
@@ -276,8 +279,9 @@ <h2><a class="header" href="#broadcasting-signals" id="broadcasting-signals">Bro
 <p>To zk-SNARK proof must satisfy the constraints created by Semaphore's zk-SNARK
 circuit as described below:</p>
 <h3><a class="header" href="#the-zk-snark-circuit" id="the-zk-snark-circuit">The zk-SNARK circuit</a></h3>
-<p>The <a href="./circuits/circom/semaphore-base.circom">semaphore-base.circom</a> circuit
-helps to prove the following:</p>
+<p>The
+<a href="https://github.com/appliedzkp/semaphore/blob/master/circuits/circom/semaphore-base.circom">semaphore-base.circom</a>
+circuit helps to prove the following:</p>
 <h3><a class="header" href="#that-the-identity-commitment-exists-in-the-merkle-tree" id="that-the-identity-commitment-exists-in-the-merkle-tree">That the identity commitment exists in the Merkle tree</a></h3>
 <p><strong>Private inputs:</strong></p>
 <ul>
@@ -735,8 +739,10 @@ <h1><a class="header" href="#security-audit" id="security-audit">Security audit<
 as well as relevant circuits in
 <a href="https://github.com/iden3/circomlib">circomlib</a>, which contains components
 which the Semaphore zk-SNARK uses.</p>
-<p>All security and performance issues have been fixed. The full audit report will
-be available soon.</p>
+<p>The summary of the audit results can be found
+<a href="https://github.com/appliedzkp/semaphore/tree/master/audit">here</a>. After three
+rounds of fixes, all security and performance issues were fixed, and the few
+remaining issues are minor and do not affect security.</p>
 <h1><a class="header" href="#credits" id="credits">Credits</a></h1>
 <ul>
 <li>Barry WhiteHat</li>
diff --git a/docs/searchindex.js b/docs/searchindex.js
diff --git a/docs/searchindex.json b/docs/searchindex.json
diff --git a/docs_src/src/about.md b/docs_src/src/about.md
@@ -16,6 +16,10 @@ verification on-chain. The zero-knowledge components work off-chain to allow
 the user to generate proofs, which allow the smart contract to update its state
 if these proofs are valid.
 
+For a formal description of Semaphore and its underlying cryptographic
+mechanisms, also see this document
+[here](https://github.com/appliedzkp/semaphore/tree/master/spec).
+
 Semaphore is designed for smart contract and dApp developers, not end users.
 Developers should abstract its features away in order to provide user-friendly
 privacy.
diff --git a/docs_src/src/audit.md b/docs_src/src/audit.md
@@ -7,5 +7,7 @@ as well as relevant circuits in
 [circomlib](https://github.com/iden3/circomlib), which contains components
 which the Semaphore zk-SNARK uses.
 
-All security and performance issues have been fixed. The full audit report will
-be available soon.
+The summary of the audit results can be found
+[here](https://github.com/appliedzkp/semaphore/tree/master/audit). After three
+rounds of fixes, all security and performance issues were fixed, and the few
+remaining issues are minor and do not affect security.
diff --git a/docs_src/src/howitworks.md b/docs_src/src/howitworks.md
@@ -50,8 +50,9 @@ circuit as described below:
 
 ### The zk-SNARK circuit
 
-The [semaphore-base.circom](./circuits/circom/semaphore-base.circom) circuit
-helps to prove the following:
+The
+[semaphore-base.circom](https://github.com/appliedzkp/semaphore/blob/master/circuits/circom/semaphore-base.circom)
+circuit helps to prove the following:
 
 ### That the identity commitment exists in the Merkle tree
 
diff --git a/spec/Semaphore Spec.pdf b/spec/Semaphore Spec.pdf
